August 15, 2009

Hackers Use Twitter To Create Cyber Mayhem

The last couple of weeks have been a bit tumultuous for Twitter, which, after being kicked offline last week during an attack, found yet another security problem.

A researcher found that at least one criminal was controlling several hundred infected computers, mostly in Brazil, by using a Twitter account.

The network of infected PCs is referred to as a "botnet". Botnets account for much of the damage online, including everything from identity theft to spamming to the recent forms of attacks that have plagued Twitter.

Jose Nazario of Arbor Networks said he discovered a Twitter account that was being used to send what appeared to be scrambled messages, but were actually commands for computers in a botnet to visit malicious Web sites, where programs are downloaded that steal banking passwords.

The account was, of course, immediately taken down, but Twitter chose not to respond right away with a statement or comment.

According to Nazario, it looks like the same person was attempting the same thing on an account with the Google service called Jaiku, which is somewhat similar to Twitter. The affected Google account was also taken down.

Nazario says the technique is not very sophisticated, and a couple hundred infected computers is a relatively small number when you consider the fact that some botnets contain hundreds of thousands of infected PCs.

This just proves that criminals are becoming incredibly innovative when it comes to finding new ways of exploiting legitimate social networking services in order to wreak havoc.

Social networking sites are particularly preferred by cyber criminals because the content is not easily monitored, and because people are prone to clicking on many links inside their accounts, which is one of the ways computer infections are most commonly spread.

"I wouldn't call it rocket science, but it's effective," Nazario said. "This is the problem with free social media that people need to be aware of."

The new information about the attacks comes after a destructive "denial-of-service" attack last week that ultimately shut Twitter down. The attacks seem to have been aimed at a single blogger in the former Soviet republic of Georgia, but instead affected the entire Twitter service.

Such denial-of-service attacks involve a deluge of traffic trampling a Web site until the servers can no longer handle the strain. This can be accomplished either by hitting the site with incredible traffic volume, or by overwhelming it with computing-intensive requests that are more difficult to detect. Such computing-intensive requests include logging in to sites or trying to do searches, which can utterly cripple a site.

Botnets, or networks of zombie computers, are the weapon of choice in both attacks.